Hi Experts,
Is there special steps to be followed when we disjoin and rejoin the ADFS member server from the domain?
Regards,
Nidhin CK
ADFS member server domain disjoin - rejoin process
- 906 Views
- Last Post 26 September 2016
nidhin_ck
posted this
26 September 2016
ZJORZ
posted this
26 September 2016
While it still is a member of the ADFS farm? Don’t know. Never done that before SQL or WID? SQL, you should be able to see the farm config WID, it should replicate (see event log) Any errors? Met vriendelijke groeten / Kind regards, Jorge de Almeida Pinto*: JorgeDeAlmeidaPinto@xxxxxxxxxxxxxxxx(: +31 (0)6 26.26.62.80 
nidhin_ck
posted this
26 September 2016
Hi Jorge,
Currently this server is a member of ADFS Farm and it uses WID. Wintel team recommends to disjoin and rejoin this server from domain as we receive Event ID 3210 (attached screenshot) on this ADFS server that too on specific time range (for eg:- region shift
login time). This server is a VM machine and wintel team thinks there might be a duplicate SID for this machine object.
Whenever server generates 3210, this server also generates numerous Event ID 364 under ADFS event viewer and users pointing to this adfs server facing SSO issues. We will have restart ADFS service/IIS/Netlogon server to fix this SSO issue. So we thought
of trying this disjoin rejoin steps.
Regards,
Nidhin CK
Regards,
Nidhin CK
kebabfest
posted this
26 September 2016
I would have thought the message looks to be something screwy in dns. Is there a dc on the same vlan as your adfs server ?
skitzsofrenick
posted this
26 September 2016
If you think it’s a problem with the computer account. Can you try running test-computersecurechannel? If that tests good, it is more than likely a firewall or
DC problem.
aaron clasby
nidhin_ck
posted this
26 September 2016
test-computersecurechannel is giving true.. and we have multiple DC's in this adfs server vlan
Regards,
Nidhin CK
